{ "Event": { "analysis": "1", "date": "2019-01-18", "extends_uuid": "", "info": "[Threat Intel] Black Energy \u2013 Analysis", "protected": false, "publish_timestamp": "1772418869", "published": true, "threat_level_id": "2", "timestamp": "1772418866", "uuid": "34c150d0-1e0c-4d4f-94b3-5ce551808a64", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Sandworm\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772245028", "to_ids": false, "type": "link", "uuid": "24a39d8d-bc6a-4789-bdfa-5fec0e71a538", "value": "https://marcusedmondson.com/2019/01/18/black-energy-analysis/" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772337725", "uuid": "260a475f-7130-4232-b625-427f31329b0d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772337725", "to_ids": true, "type": "md5", "uuid": "88050d66-3c56-4b9d-a064-48f2be58bac0", "value": "e15b36c2e394d599a8ab352159089dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772337722", "to_ids": true, "type": "sha1", "uuid": "5f200f6b-f749-4bd4-936f-4dfc7109be09", "value": "28719979d7ac8038f24ee0c15114c4a463be85fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772337722", "to_ids": true, "type": "sha256", "uuid": "b30e7657-3683-4f8d-8896-41b9afdb8fd7", "value": "39d04828ab0bba42a0e4cdd53fe1c04e4eef6d7b26d0008bd0d88b06cc316a81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772337697", "to_ids": true, "type": "ssdeep", "uuid": "bad2608c-5a54-4697-bd51-dd169ab2de59", "value": "24576:QWa4kgsv/30DkRkkRbRjwwM6IfS1Uu6OduwW:Q83I/32kSkTjwwM6IfS1Uu6OduwW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772337697", "to_ids": false, "type": "size-in-bytes", "uuid": "f59bf1e2-1efe-4e07-8599-7d0f83021223", "value": "1194496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772337697", "to_ids": true, "type": "vhash", "uuid": "8c8ca390-d839-4e3d-8629-480817707b3d", "value": "850225048f1c6dd021739dace14c0b8f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772337697", "to_ids": true, "type": "filename", "uuid": "45f004ae-8de7-48af-bbe9-579e29e87e02", "value": "doc.doc" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 04/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772337697", "to_ids": false, "type": "text", "uuid": "9126281e-c153-4f49-ad57-92183b9e82d6", "value": "Type Description: MS Word Document\nMicrosoft: TrojanDropper:O97M/Aptdrop.H\nVT Total Detection:41/64\nFirst Submission:2016-01-20T08:03:52.000000+00:00\nLast Submission:2024-06-11T10:06:38.000000+00:00" } ] } ] } }